From z/OS ACF2 STIG
Part of ZUSS0045
Associated with IA controls: DCCS-1, DCCS-2
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
a) Refer to the following reports produced by the ACP Data Collection: ACF2 - ACF2CMDS.RPT(OMVSUSER) - ACF2CMDS.RPT(LOGONIDS) RACF - RACFCMDS.RPT(LISTUSER) TSS - TSSCMDS.RPT(@ACIDS) b) If RMFGAT is defined as follows, there is NO FINDING: 1) Default group specified as OMVSGRP or STCOMVS 2) A unique, non-zero UID 3) HOME directory specified as “/” 4) Shell program specified as “/bin/sh” c) If RMFGAT is not defined as specified in (b) above, this is a FINDING.
The systems programmer will verify that RMFGAT user account is defined as specified below: 1) Default group specified as OMVSGRP or STCOMVS 2) A unique, non-zero UID 3) HOME directory specified as “/” 4) Shell program specified as “/bin/sh” RMFGAT is the userid for the Resource Measurement Facility (RMF) Monitor III Gatherer. It requires access to z/OS UNIX data. It must be assigned a unique UID and group and assigned the root directory (“/”) as its home directory.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer